Responsible for the development and implementation of a strategic, comprehensive enterprise-wide information security and IT risk management program, including appropriate technologies, policies, standards, guidelines, plans and procedures to ensure the security of County systems. Constantly updates this IT security program to leverage new technology and threat information. Monitors County networks, systems and data and responds to intrusions. Determines and manages the technology infrastructure to protect enterprise information assets.
Essential job Functions
Plans, identifies, develops, and implements a multi-layered security defense to protect County networks, systems and data from attacks.
Designs, configures, manages, maintains, and troubleshoots security infrastructure and applications.
Ensures controls are in place to monitor County systems and networks for vulnerabilities and security breaches.
Responds to network security incidents, identifies root causes and implements corrective action.
Consults with vendors and service providers regarding security hardware and software solutions; evaluates and recommends solutions.
Manages all teams, employees, contractors and vendors involved in IT security.
Maintains current knowledge of cyber threats, security issues and security requirements.
Assesses and evaluates proposed new County technologies for security related issues and components.
Ensures compliance with changing IT security related laws and applicable regulations.
Oversees internal IT risk assessments, to include tests of County networks and systems to ensure security measures.
Manages annual external information security risk assessment.
Participates in information security audits.
Develops, implements, monitors, and maintains security policies, standards, plans and procedures for IT related controls.
Develops, implements, and continually refines a County-wide IT security education program to include automated security training, regular security communications and the promotion of National Cybersecurity Awareness Month initiatives.
Prepares IT security budget.
Advises Chief of IT on information security issues, data protection requirements and cyber security threats.
Works closely with Network Manager and Applications Manager in identifying security issues and implementing solutions.
Performs related work as required.
Knowledges, Abilities and Skills (These are pre-employment KASs that apply only to Essential job Functions.)
Information Security concepts, best practices and threats
Information Security controls
Legal issues, privacy, and ethics as they relate to IT security
A wide range of computer systems and security tools
Maintain knowledge of current information security best practices and threats
Install, maintain, and troubleshoot IT security appliances.
Install and maintain firewalls.
Secure networking infrastructure to include wireless, telework and BYOD networks
Assess and document test or analysis data to show compliance
Communicate effectively orally and in writing
Establish and maintain effective working relationships with others encountered in the workplace.
Required Qualifications (Note: Any acceptable combination of education, training and experience that provides the above knowledges, abilities and skills may be substituted on a full-time year for year basis.)
Training and/or Education
Bachelor’s degree in IT, Cyber Security or related field.
Seven (7) years of experience in networking systems or network security.
Licenses or Certificates
Certified Information Systems Security Professional (CISSP)
The work is mostly sedentary with frequent periods of walking and standing. Typical positions require workers to lift and carry up to 30 pounds; climb stairs; bend and crouch; reach, hold, grasp and turn objects; and use fingers to operate computer or typewriter keyboards. The work requires the ability to speak normally, to use normal or aided vision and hearing and to detect odors.
Work is subject to frequent interruptions and occasional work beyond the normal scheduled hours of operation.